Base policy class

The Base class provides basic security policies.

A PSL description of the Base class is provided in the following file:

/opt/KasperskyOS-Community-Edition-<version>/toolchain/include/nk/base.psl

Base class object

A Base class object is automatically created when connecting the PSL description of the class.

You may need to create additional objects of the Base class to declare audit profiles associated with these objects.

Base class objects do not have configurations.

Base class policies

The Base policy class consists of the following rule policies:

• grant ()

  Takes no parameters. Returns an "allowed" decision (KSS_GRANT).

  Example: request { grant () }

• assert (Boolean)

  Returns an "allowed" decision (KSS_GRANT) if the value of the passed expression is true. Otherwise returns "denied" (KSS_DENY).

  Example: request { assert (message.port > 80) }

• deny ()

  Takes no parameters. Returns a "denied" decision.

  Example: request { deny () }

Example

...

use nk.base._

/* foo entity that is allowed to receive

messages but is not allowed to respond to them */

request src=foo { grant () }

response src=foo { deny () }

Page top